SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Oracle WebLogic
Vendors:   BEA Systems
Oracle BEA WebLogic Server and Portal Bugs Let Remote Users Access and Modify Data and Deny Service
SecurityTracker Alert ID:  1023442
SecurityTracker URL:  http://securitytracker.com/id/1023442
CVE Reference:   CVE-2010-0068, CVE-2010-0069, CVE-2010-0074, CVE-2010-0078
Date:  Jan 12 2010
Impact:   Denial of service via network, Disclosure of user information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.0 - 7.0 SP7, 8.1 - 8.1 SP6, 9.0, 9.1, 9.2 - 9.2 MP3, 10.0 through MP2, 10.3.0, 10.3.1
Description:   Several vulnerabilities were reported in WebLogic Server. A remote user can access and modify some data on the target database. A remote user can cause denial of service conditions.

No additional details were provided.

The following versions are affected:

Oracle WebLogic Server 10.0 through MP2, 10.3.0 and 10.3.1
Oracle WebLogic Server 9.0 GA, 9.1 GA and 9.2 through 9.2 MP3
Oracle WebLogic Server 8.1 through 8.1 SP6
Oracle WebLogic Server 7.0 through 7.0 SP7

The following researchers reported these and other Oracle vulnerabilities:

Anonymous of TippingPoint (3com); Esteban Martinez Fayo of Application Security, Inc.; Alexander Kornbrust of Red Database Security; David Litchfield of NGS Software; Brian Martin of INS.com; Guy Pilosof of Sentrigo; JPCERT/CC Vulnerability Handling Team; Daiki Fukumori [Secure Sky Technology] of JPCERT/CC Vulnerability Handling Team; and Dennis Yurichev.

Impact:   A remote user can access and modify some data on the target database.

A remote user can cause "partial" denial of service conditions.

Solution:   The vendor has issued a fix, described in their January 2010 Critical Patch Update advisory.

The Oracle advisory is available at:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

Vendor URL:  www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
Cause:   Not specified
Underlying OS:  Linux (Red Hat Enterprise), Linux (SuSE), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2019, SecurityGlobal.net LLC